
Example 1 with RoleLDAPStorageMapperFactory

Use of org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapperFactory in the keycloak/keycloak project.

Source: class TestLDAPResource, method prepareRolesLDAPTest (a test-server REST resource that seeds the LDAP fixture used by the role-mapper tests).

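/**
 * Prepares the LDAP role-mapper tests (the {@code POST /configure-roles} endpoint).
 *
 * Installs a role mapper named {@code "rolesMapper"} on the realm's LDAP provider in
 * {@link LDAPGroupMapperMode#LDAP_ONLY} mode, removes the LDAP groups associated with that
 * mapper and all LDAP users, then recreates a fixed fixture of four users and three groups
 * with the memberships listed below. Finally the LDAP groups are synced into Keycloak roles
 * through {@link RoleLDAPStorageMapperFactory}.
 *
 * Resulting fixture (the role-mapper tests assert exactly this):
 * <pre>
 *   group1: johnkeycloak, marykeycloak, robkeycloak
 *   group2: johnkeycloak, marykeycloak
 *   group3: (no members)
 *   jameskeycloak: member of no group
 * </pre>
 *
 * Security notes for reviewers:
 * <ul>
 *   <li>This endpoint is destructive: it deletes every user in the federated directory and
 *       re-creates the fixture. No authorization constraint is visible on this resource, so it
 *       must only ever be reachable on a dedicated test server (presumably the testsuite
 *       deployment — confirm against the enclosing class/application registration).</li>
 *   <li>All fixture users share the deliberately weak credential {@code "Password1"}; it is a
 *       test-only value and must never be reused outside the test directory.</li>
 * </ul>
 */
@POST
@Path("/configure-roles")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
public void prepareRolesLDAPTest() {
    ComponentModel ldapModel = LDAPTestUtils.getLdapProviderModel(realm);
    LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
    // Install (or refresh) the role mapper under test; LDAP_ONLY is the mode the tests expect.
    LDAPTestUtils.addOrUpdateRoleMapper(realm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY);
    // Start from a clean directory so the assertions below are deterministic.
    // NOTE: this wipes ALL LDAP users, not just the fixture ones — test-server only.
    LDAPTestUtils.removeAllLDAPGroups(session, realm, ldapModel, "rolesMapper");
    LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, realm);
    // Fixture users. The trailing argument is the attribute value passed straight to addLDAPUser
    // (postal code or similar — its meaning is defined by the helper, not here).
    LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, realm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
    LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1");
    LDAPObject mary = LDAPTestUtils.addLDAPUser(ldapFedProvider, realm, "marykeycloak", "Mary", "Kelly", "mary@email.org", null, "5678");
    LDAPTestUtils.updateLDAPPassword(ldapFedProvider, mary, "Password1");
    LDAPObject rob = LDAPTestUtils.addLDAPUser(ldapFedProvider, realm, "robkeycloak", "Rob", "Brown", "rob@email.org", null, "8910");
    LDAPTestUtils.updateLDAPPassword(ldapFedProvider, rob, "Password1");
    LDAPObject james = LDAPTestUtils.addLDAPUser(ldapFedProvider, realm, "jameskeycloak", "James", "Brown", "james@email.org", null, "8910");
    LDAPTestUtils.updateLDAPPassword(ldapFedProvider, james, "Password1");
    // Fixture groups, created through the "rolesMapper" configuration so they land where the
    // mapper will look for them. group3 intentionally stays empty and james stays unassigned,
    // giving the tests a negative case (no role must be granted without an LDAP membership).
    LDAPObject group1 = LDAPTestUtils.createLDAPGroup("rolesMapper", session, realm, ldapModel, "group1");
    LDAPObject group2 = LDAPTestUtils.createLDAPGroup("rolesMapper", session, realm, ldapModel, "group2");
    LDAPObject group3 = LDAPTestUtils.createLDAPGroup("rolesMapper", session, realm, ldapModel, "group3");
    // Memberships are stored as full DNs in the "member" attribute; the "not-used" argument is
    // the membership-attribute value ignored for DN-based membership.
    LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, john);
    LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, mary);
    LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, rob);
    LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, john);
    LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, mary);
    // Sync LDAP groups into Keycloak roles via the mapper that was just configured.
    ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ldapModel, "rolesMapper");
    new RoleLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
}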

Example 2 with RoleLDAPStorageMapperFactory

Use of org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapperFactory in the keycloak/keycloak project.

Source: class LDAPRoleMapperTest, method test02RoleMapperClientRoles (verifies LDAP groups synced as client roles against the fixture above).

/**
 * Verifies that the LDAP role mapper can target client roles instead of realm roles.
 *
 * The "rolesMapper" mapper is reconfigured with USE_REALM_ROLES_MAPPING=false and CLIENT_ID set
 * to a freshly created client, then synced from LDAP. Every LDAP group must then exist as a role
 * on that client, and both views of the mapping — each user's client-role mappings and each
 * role's member set — must match the LDAP memberships exactly. The negative cases matter for
 * least privilege: jameskeycloak (in no LDAP group) gets no role, and group3 (empty in LDAP)
 * has no members.
 *
 * NOTE(review): the finally block removes the client but does not restore the mapper config,
 * which is left pointing at the deleted client id with realm-role mapping disabled; whether a
 * later test resets it is not visible here.
 */
@Test
public void test02RoleMapperClientRoles() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Temporary client that will own the synced roles; removed again in finally.
        ClientModel rolesClient = session.clients().addClient(appRealm, "role-mapper-client");
        try {
            ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "rolesMapper");
            // Point the mapper at client roles on rolesClient rather than realm roles.
            LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel,
                    RoleMapperConfig.USE_REALM_ROLES_MAPPING, "false",
                    RoleMapperConfig.CLIENT_ID, rolesClient.getClientId());
            appRealm.updateComponent(mapperModel);
            // Pull the LDAP groups into the client as roles.
            new RoleLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm);

            // Resolve all fixture users up front; each must have been imported from LDAP.
            UserModel userJohn = session.users().getUserByUsername(appRealm, "johnkeycloak");
            UserModel userMary = session.users().getUserByUsername(appRealm, "marykeycloak");
            UserModel userRob = session.users().getUserByUsername(appRealm, "robkeycloak");
            UserModel userJames = session.users().getUserByUsername(appRealm, "jameskeycloak");
            Assert.assertNotNull(userJohn);
            Assert.assertNotNull(userMary);
            Assert.assertNotNull(userRob);
            Assert.assertNotNull(userJames);

            // User -> client roles must mirror LDAP group membership, with no extra grants.
            Assert.assertThat(
                    userJohn.getClientRoleMappingsStream(rolesClient).map(RoleModel::getName).collect(Collectors.toSet()),
                    Matchers.containsInAnyOrder("group1", "group2"));
            Assert.assertThat(
                    userMary.getClientRoleMappingsStream(rolesClient).map(RoleModel::getName).collect(Collectors.toSet()),
                    Matchers.containsInAnyOrder("group1", "group2"));
            Assert.assertThat(
                    userRob.getClientRoleMappingsStream(rolesClient).map(RoleModel::getName).collect(Collectors.toSet()),
                    Matchers.containsInAnyOrder("group1"));
            // Negative case: a user in no LDAP group must receive no client role.
            Assert.assertThat(
                    userJames.getClientRoleMappingsStream(rolesClient).map(RoleModel::getName).collect(Collectors.toSet()),
                    Matchers.empty());

            // Role -> members is the inverse view and must agree with the above.
            RoleModel roleGroup1 = rolesClient.getRole("group1");
            RoleModel roleGroup2 = rolesClient.getRole("group2");
            RoleModel roleGroup3 = rolesClient.getRole("group3");
            Assert.assertNotNull(roleGroup1);
            Assert.assertNotNull(roleGroup2);
            Assert.assertNotNull(roleGroup3);
            Assert.assertThat(
                    session.users().getRoleMembersStream(appRealm, roleGroup1).map(UserModel::getUsername).collect(Collectors.toSet()),
                    Matchers.containsInAnyOrder("johnkeycloak", "marykeycloak", "robkeycloak"));
            Assert.assertThat(
                    session.users().getRoleMembersStream(appRealm, roleGroup2).map(UserModel::getUsername).collect(Collectors.toSet()),
                    Matchers.containsInAnyOrder("johnkeycloak", "marykeycloak"));
            // Negative case: an empty LDAP group must yield a role with no members.
            Assert.assertThat(
                    session.users().getRoleMembersStream(appRealm, roleGroup3).collect(Collectors.toSet()),
                    Matchers.empty());
        } finally {
            appRealm.removeClient(rolesClient.getId());
        }
    });
}
